How to install a VPN in Linux - Setup a VPN on Linux Ubuntu and Kali Linux

This article is a simple how-to guide to installing a VPN in Linux using various methods. For more information on why you want to do this (and you do!) please see 5 Best Linux VPN Services. That article also includes some great Linux VPN recommendations.

Thanks to its popularity, this article focuses on installing a VPN in Linux Ubuntu. The same instructions should also work just fine for Linux Mint, Debian, and Kali (which is based on Debian), and should provide useful guidelines for users of other Linux distros.

Use a VPN’s custom Linux software

In most Operating Systems, the easiest way to set up a VPN is to use a VPN provider’s custom software. This also true in Linux, but very few VPN providers offer a custom Linux VPN client.

In fact, the only VPN providers I know of to offer Linux clients with the full range of features typically found in Windows and macOS software are AirVPN and Mullvad .

AirVPN’s “Eddie” client supports a range of Linux configurations and is open source.

ExpressVPN also offers a custom Linux client, but it is command-line only and is not very fully-featured. It is available for Ubuntu, Fedora, and Raspbian, but is not open source.

OpenVPN For Linux via NetworkManager

Outside of dedicated clients, probably the easiest way to install and use OpenVPN on most Linux systems is via the NetworkManager daemon.

It is worth noting that AirVPN recommends against using NetworkManager “due to multiple, critical problems.” I have not, however, been able to establish any more details regarding this, and most VPNs seem happy to use it.

Installing OpenVPN in Ubuntu GNOME

1. Register an account with your chosen VPN provider.

2. Download your provider’s .ovpn config files for servers you wish to connect to. These can often be batch-downloaded as a .zip file, in which case you will need to it unzip before use.

In the past, NetworkManager did not like inline certificates and keys. Because of this, many VPNs recommend downloading them separately. But this no longer appears to be necessary.

3. Download and install the Ubuntu OpenVPN packages for NetworkManager by opening a Terminal window and typing:

sudo apt-get install network-manager-openvpn-gnome

4. Check that OpenVPN is correctly installed by clicking on the NetworkManager Icon in the notification bar.

Then go to VPN Off -> VPN Settings -> VPN -> and click the + button.

In the Add VPN box you should see an OpenVPN option. If you don’t see OpenVPN, then restart your PC.

5. Assuming you see the OpenVPN option, don’t click on it. Click on “Import from file…” instead. Navigate to where you downloaded the .ovpn files and double-click on one.

6. An Add VPN box will appear populated by the server’s VPN settings. Simply fill in your Username and Password and hit “Add”.

7. The VPN is now set up. Yay! To start it, go to NetworkManager -> VPN off -> and select the server you wish to connect to.

OpenVPN directly via the Linux Terminal

As a Linux user, I find nothing sexier than a blinking command-line curser! Yeah, baby! According to AirVPN, using OpenVPN via Linux Terminal is also more secure than using NetworkManager, although I have not been able to independently confirm this or uncover the details.

Unfortunately, I cannot do a general setup guide for this as the specifics vary too much by VPN and by which flavor of Linux you use. Most good providers, however, have guides.

Note that if using OpenVPN directly, DNS requests will not be pushed to the VPN provider’s DNS servers. IP leaks can be resolved by modifying resolvconf to push DNS to your VPN’s DNS servers.

Alternatively, you can manually configure the iptables firewall to ensure all traffic (including DNS requests) must go via the VPN server. This will, at least, ensure all DNS requests are proxied by your VPN. It will also act as a kill switch.

The documentation on your VPN’s website may give you further guidance on these issues.

Manually Configure VPN for Linux using PPTP via NetworkManager

PPTP is not a secure VPN protocol, so we generally recommend that you avoid it. NetworkManager comes with PPTP support “out of the box,” however, which can make PPTP a useful “quick and dirty” solution when security is not a high priority.

2. Fill in the PPTP setting given to you by your VPN. Note that these settings are not specific to Linux, so you can use generic settings or settings given for another platform.

Manually Configure VPN for Linux using L2TP/IPsec

As disused in the Complete VPN Encryption Guide, L2TP is a tunneling protocol that does not provide any encryption or confidentiality to traffic that passes through it, so it is usually implemented with the IPsec authentication suite (L2TP/IPsec).

How to install L2TP/IPsec for NetworkManager

NetworkManager-l2tp is a VPN plugin for NetworkManager 1.2+ which includes support for L2TP/IPsec.

To install, fire up Terminal and enter the following commands:

sudo add-apt-repository ppa:nm-l2tp/network-manager-l2tp

sudo apt-get update

sudo apt-get install network-manager-l2tp

You may be prompted to install additional binaries (e.g. for GNOME), in which case go ahead. Restart your PC and L2TP should now be enabled in NetworkManager.

Setup is very similar to using PPTP (see above), except that you will need to enter some additional IPSec authentication details. Again, your VPN should be able to provide these, and generic settings are fine.

Update May 2018: There is currently a bug in xl2tpd which may compromise its use with the IPSec protocol. The issue has already been fixed in Fedora, so I would expect it to be patched in Ubuntu and Debian soon. Please see here for the details and latest updates.

Manually Configure VPN for Linux using IKEv2

IKEv2 is a secure and fast VPN protocol that is rapidly gaining popularity with VPN services. It is supported in Linux via strongSwan. strongSwan packages are available for most versions of Linux, or you can compile it yourself.

How to install IKEv2 for NetworkManager. You can build this from source, or Debian/Ubuntu users can open Terminal and enter:

sudo apt-get install network-manager-strongswan

In use, the plugin works just like the L2PT NetworkManager plugin described above.

Check Linux VPN for IP leaks

The example above shows a bad case of IPv6 leaks. The IPv4 DNS result correctly shows that I am connected to a VPN server in the US, but the website can see my real UK IPv6 address via both a regular DNS leak and WebRTC. Fail!

For more information about staying secure with a VPN in the UK or US check out the guides below:

Note that Private-Use – [RFCxxxx] IPs are local IPs only. They cannot be used to identify an individual or device, and so do not constitute an IP leak.

Setup VPN for Linux: Conclusion

As with most things Linux, things are never quite as easy as they are on more mainstream platforms. That said, even inexperienced Debian/Ubuntu users should have no problems setting up a VPN using NetworkManager.

Has worked for almost six years as senior staff writer and resident tech and VPN industry expert at ProPrivacy.com. Widely quoted on issues relating cybersecurity and digital privacy in the UK national press (The Independent & Daily Mail Online) and international technology publications such as Ars Technica.

Gerhard Herre

Douglas Crawford replied to Gerhard Herre

Hi Gerhard, I'm afraid that I can't provide setup instructions for every version of Linux out there. There are simply far too many, and, to be honest, I have never used (Arch-based) Manjaro Linux. Eddie does come as a standard Arch Linux (AUR) install package, though...